58258 matches found
Security update for python-tornado
This update for python-tornado fixes the following issues: CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc1254905). CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc1254904). Patch Instruction...
SUSE-SU-2026:0222-1 Security update for python-tornado
This update for python-tornado fixes the following issues: - CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc1254905). - CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc1254904)...
Security update for python-filelock
This update for python-filelock fixes the following issues: CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files (bsc1255244). CVE-2026-22701: TOCTOU race condition in the SoftFileLock implementation (bsc1256457). Patch Instructions: To install...
SUSE-SU-2026:0220-1 Security update for python-filelock
This update for python-filelock fixes the following issues: - CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files (bsc1255244). - CVE-2026-22701: TOCTOU race condition in the SoftFileLock implementation (bsc1256457)...
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency miner, on Linux hosts. The package, named sympy-dev, mimics SymPy, replicating the latter's projec...
EUVD-2026-4198
Malicious code in sympy-dev (PyPI)...
MAL-2026-450 Malicious code in sympy-dev (PyPI)
Package downloads and executes code from remote servers, indicating malicious behavior. Multiple files and IPs involved. Package impersonates popular sympy package...
EUVD-2026-4199
Malicious code in icloudprocessor (PyPI)...
AZL-75192 CVE-2026-24049 affecting package python-virtualenv 20.26.6-2
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
AZL-75014 CVE-2025-71176 affecting package pytest 7.4.0-2
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-user name pattern, which allows local users to cause a denial of service or possibly gain privileges...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
a-mailx (=0.1.0), a2grunnerp (>=0.1.0 <=0.1.8) +1589 more potentially affected by CVE-2026-24049 via wheel (>=0.24.0 <=0.46.1)
wheel PYPI version =0.24.0, =0.1.0, =0.1.0, =0.4.24, =0.1.0, =0.1.3, =0.0.1, =0.1.5, =0.1.1, =0.0.3, =1.0.0, =1.1.0, =1.1.0, =1.2.5 and more Source cves: CVE-2026-24049 Source advisory: SNYK:PYTHON-WHEEL-15053866...
CVE-2026-24049
wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.20.11 bug fix and security update
Red Hat OpenShift Container Platform release 4.20.11 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...
K000159661: libxml2 vulnerabilities CVE-2025-32414 and CVE-2025-32415
Security Advisory Description: CVE-2025-32414: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between...
[SECURITY] Fedora 42 Update: mingw-python3-3.11.14-5.fc42
MinGW Windows python3...
[SECURITY] Fedora 43 Update: mingw-python3-3.11.14-5.fc43
MinGW Windows python3...
SUSE CVE-2025-15282
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype...
SUSE CVE-2025-56005
An undocumented and unsafe feature in the PLY (Python Lex-Yacc) library 3.11 allows Remote Code Execution (RCE) via the picklefile parameter in the yacc function. This parameter accepts a .pkl file that is deserialized with pickle.load without validation. Because pickle allows execution of embedded...
PT-2026-3917
Name of the Vulnerable Software and Affected Versions: wheel versions 0.40.0 through 0.46.1. Description: The 'wheel' package, a tool for manipulating Python wheel files, contains a flaw in the unpack function. This flaw allows for file permission modification through mishandling of file permissions...